A Formal Model of Security Controls' Capabilities and Its Applications to Policy Refinement and Incident Management

arXiv:2405.03544v1 Announce Type: new
Abstract: Enforcing security requirements in networked information systems relies on security controls to mitigate the risks from increasingly dangerous threats. Configuring security controls is challenging; even nowadays, administrators must perform it without adequate tool support. Hence, this process is plagued by errors that translate to insecure postures, security incidents, and a lack of promptness in answering threats. This paper presents the Security Capability Model (SCM), a formal model that abstracts the features that security controls offer …

administrators applications arxiv capabilities configuring controls cs.cr incident information management policy process requirements risks security security controls security requirements support systems threats tool